
Barracuda launches unified AI platform amid security tool sprawl
The survey, conducted by research firm Vanson Bourne, found that 65% of IT and security professionals face challenges due to running too many security tools. Additionally, 53% reported that their tools were unable to be integrated, leading to fragmented security environments that are both difficult to manage and secure.
The responses came from 2,000 senior security decision-makers globally and highlight broader concerns over the operational and financial repercussions of security tool sprawl. According to the research, 80% of respondents indicated that a lack of integration between tools increased the time needed to manage their organisation's security, and 81% said this resulted in higher overall costs.
The impact on security operations was also significant, with 77% of those surveyed saying detection of threats was hindered by fragmented systems, and 78% noted difficulties in mitigating threats. Only 32% of respondents expressed full confidence in the proper configuration of their security tools, suggesting that many organisations may be vulnerable to breaches due to misconfiguration.
The research also explored the role of managed service providers (MSPs) in reducing the complexity caused by multiple security tools, as well as identifying sectors that are most affected by this issue.
Barracuda has responded to these findings by launching the BarracudaONE AI-powered cybersecurity platform, which aims to provide integrated threat protection and cyber resilience across its portfolio of products. The platform is intended for both MSPs and end users and centralises various security functions to simplify management and reduce the administrative burden.
Neal Bradbury, Chief Product Officer at Barracuda, commented on the findings: "This research serves as a stark wake-up call for organisations still relying on disconnected, siloed security tools. Managing a patchwork of solutions drives up costs and complexity while creating blind spots that attackers are quick to exploit. Security teams simply cannot afford to waste time switching between systems while critical threats go undetected."
"The path forward is clear: consolidation and integration are essential for cyber resilience. That is exactly why we built BarracudaONE – to improve security operations, reduce risk and enable teams to secure their environments faster and more effectively. We are cutting through the complexity, closing critical gaps and empowering organisations with the confidence and control they need to stay ahead of evolving threats."
The BarracudaONE platform unifies Barracuda's security solutions into a single interface, offering layered threat protection that is managed from a central dashboard. This consolidation is designed to reduce operational complexity, bolster visibility, and strengthen overall cyber resilience.
The platform incorporates advanced artificial intelligence that provides detailed threat detection and response, as well as automated intelligence capabilities. Barracuda says its AI has been refined over numerous real-world deployments and now powers robust reporting features to help security teams and partners assess the effectiveness of their threat defences, ROI, and operational impact. These insights are intended to help organisations validate their security postures and make informed decisions.
William Mann, Chief Information Security Officer at the Borough of West Chester, Pennsylvania, described his experience with the platform: "BarracudaONE is a shields-up force multiplier that helps us safeguard critical municipal services – including our police dispatcher center, police and fire departments, as well as wastewater, finance and other essential operations. The ability to manage multiple security modules through a single, centralised dashboard is transformational."
"Barracuda Email Protection's incident response capabilities are mission-critical, and with BarracudaONE, they're more accessible, faster and easier to manage. The streamlined experience of having fewer clicks and faster insights enables us to prioritise threats and respond with the speed and precision our first responders, government teams and community depend on."
Adam Butler, Principal Cyber Solutions Architect at ARO, also commented: "BarracudaONE brings all our Barracuda solutions into a unified, powerful platform – delivering centralised visibility, real-time alerts and actionable reporting. It represents a major step forward for our customers, and an even greater advantage for us as an MSP overseeing thousands of customer environments. With BarracudaONE, we can pinpoint security gaps faster, prioritise alerts with greater accuracy and generate high-value reports in seconds."
BarracudaONE is now available at no additional cost to MSPs, channel partners, and customers already using certain Barracuda products, including Email Protection, Cloud-to-Cloud Backup, and Data Inspector. The platform provides a centralised interface for management of both solutions and licences.
Barracuda's managed extended detection and response (XDR) service, which offers 24/7 expert monitoring backed by Barracuda's security operations centre, is also offered to complement the platform and further enhance security postures for MSPs, partners and end users.

Related Articles


Techday NZ
5 days ago
Threat spotlight: How attackers poison AI tools and defences
Barracuda has reported on how generative AI is being used to create and distribute spam emails and craft highly persuasive phishing attacks. These threats continue to evolve and escalate – but they are not the only ways in which attackers leverage AI. Security researchers are now seeing threat actors manipulate companies' AI tools and tamper with their AI security features to steal and compromise information and weaken a target's defences.
Email attacks targeting AI assistants
AI assistants and the Large Language Models (LLMs) that support their functionality are vulnerable to abuse. Barracuda's threat analysts have found attacks where malicious prompts are hidden inside benign-looking emails. This malicious payload is designed to manipulate the behaviour of the target's AI information assistants.
For example, a recently reported – and fixed – vulnerability in Microsoft 365's AI assistant, Copilot, could allow anyone to extract information from a network without authorisation. Threat actors can exploit this to collect and exfiltrate sensitive information from a target. They do this by leveraging the ability of internal AI assistants to look for and collate contextual data from internal emails, messages and documents when answering queries or completing tasks.
First, the attackers send one or more employees a seemingly harmless email containing a concealed and embedded malicious prompt payload. This email needs no interaction from the user and lives benignly in their inbox. When the employee asks the AI assistant for help with a task or query, the assistant scans through older emails, files and data to provide context for its response. As a result, the AI assistant unwittingly infects itself with the malicious prompt. The malicious prompt could then ask the AI assistant to silently exfiltrate sensitive information, to execute malicious commands or to alter data.
Weaponised emails also try to manipulate AI assistants by corrupting their underlying memory or data retrieval logic. These include emails with exploits targeting vulnerabilities in RAG (Retrieval-Augmented Generation) deployments. RAG is a technique that enables the LLMs to retrieve and incorporate new information beyond their training model. Such attacks can lead to AI assistants making incorrect decisions, providing false information, or performing unintended actions based on corrupted data.
Tampering with AI-based protection
Attackers are also learning how to manipulate the AI components of defensive technologies. Email security platforms are being enhanced with AI-powered features that make them easier to use and more efficient. These include features such as auto-replies, 'smart' forwarding, auto-triage to remove spam, automated ticket creation for issues, and more. This is expanding the potential attack surface that threat actors can target.
If an attacker successfully manipulates these security features, they could:
- Manipulate intelligent email security tools to autoreply with sensitive data.
- Abuse AI security features to escalate helpdesk tickets without verification. This could lead to unauthorised access to systems or data, as attackers could exploit the escalated privileges to perform malicious activities.
- Trigger workflow automation based on a malicious prompt. This could lead to the execution of harmful actions, such as deploying malware, altering critical data, or disrupting business operations.
Casting doubt on reality
Identity confusion and spoofing
When AI systems operate with high levels of autonomy, they can be tricked into either impersonating users or trusting impersonators. This can lead to:
- 'Confused Deputy' attacks: This involves an AI agent with higher privileges performing unauthorised tasks on behalf of a lower-privileged user (such as an attacker).
- Spoofed API access: This involves existing AI-based integrations with Microsoft 365 or Gmail, for example, being manipulated to leak sensitive data or send fraudulent emails.
Cascading hallucinations: trusting the untrue
As mentioned above, email attacks targeting AI assistants can try to manipulate the assistant's functionality. This could lead the assistant to summarise a user's inbox, generate reports, and set the calendar – but based on false or manipulated data. In such cases, a single poisoned email could:
- Mislead task prioritisation. For example, send "urgent" emails from fake executives.
- Skew summaries and recommendations.
- Influence critical business decisions based on hallucinations.
How email defenses need to adapt
Legacy email gateways, traditional email authentication protocols such as SPF or DKIM and standard IP blacklists are no longer enough to defend against these threats. Organisations need an email security platform that is generative-AI resilient. This platform should include:
- LLM-aware filtering: Able to understand email context (topic, target, type etc.), tone and behavioural patterns in addition to the email content.
- Contextual memory validation: This helps to sanitise what AI-based filters learn over time and can prevent long-term manipulation.
- Toolchain isolation: AI assistants need to operate in sandboxes, with measures in place to block any unverified action based on a received email prompt.
- Scoped identity management: This involves using minimal-privilege tokens and enforcing identity boundaries for AI integrations.
- Zero trust AI execution: Just because an email claims to be "from the CEO" doesn't mean the AI should automatically act on it. Tools should be set to verify everything before execution.
The future of email security is 'agent-aware'
The AI tools being used within organisations are increasingly built on 'agentic' AI. These are AI systems capable of independent decision-making and autonomous behavior. These systems can reason, plan and perform actions, adapting in real time to achieve specific goals. This powerful capability can be manipulated by attackers and security measures must shift from passive filtering to proactive threat modelling for AI agents.
Email is a great example. Email is becoming an AI-augmented workspace, but it remains one of the top attack vectors. Security strategies need to stop seeing email as a channel. Instead, they need to approach it as an execution environment requiring zero trust principles and constant AI-aware validation.
How Barracuda email protection helps defend against AI attacks
Barracuda's integrated cybersecurity platform is purpose-built to meet the dual challenge of AI-based attacks and attacks targeting AI components. Our email protection suite combines intelligent detection, adaptive automation, and human-centric design to help customers outpace AI-powered threats. This includes:
- Advanced AI-based detection: Barracuda uses behavioural AI and NLP to spot social engineering even without obvious malware or links. It catches impersonation, business email compromise (BEC), and tone-shift anomalies that traditional filters miss.
- Defence in depth: Barracuda covers every stage of the kill chain from phishing prevention to account takeover detection and automated incident response, closing the gaps that attackers exploit.
- Real time threat intelligence: With data from a global detection network, Barracuda rapidly adapts to evolving threats like prompt injection, RAG poisoning, and AI hallucination abuse.
- User training and awareness: Technology alone isn't enough. Barracuda empowers employees to recognise AI-powered phishing through ongoing awareness training because trust is the new vulnerability.
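The toolchain isolation, scoped identity and zero trust execution measures listed in the threat spotlight above can be combined into one authorisation gate in front of an AI assistant's tools. The Python below is an added example, not Barracuda's code: the tool names, scope strings and the conservative rule that any inbound email in the context window taints a side-effect action are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Source(Enum):
    USER_PROMPT = "user_prompt"      # typed by the authenticated employee
    INBOUND_EMAIL = "inbound_email"  # attacker-reachable, never trusted


@dataclass(frozen=True)
class ContextItem:
    source: Source
    text: str
    claimed_sender: str = ""  # display data only; deliberately ignored by the policy


@dataclass(frozen=True)
class ToolCall:
    tool: str                           # hypothetical tool name
    required_scope: str                 # permission the tool needs
    verified_out_of_band: bool = False  # e.g. user confirmed in a separate UI step


# Hypothetical policy: tools that change state or send data out.
SIDE_EFFECT_TOOLS = frozenset({"send_email", "escalate_ticket", "run_workflow"})
# Minimal-privilege token issued to the assistant integration (constructed).
ASSISTANT_TOKEN_SCOPES = frozenset({"mail.read", "mail.send"})


def authorize(call, context, token_scopes=ASSISTANT_TOKEN_SCOPES):
    """Decide whether the agent may execute `call`. Returns (allowed, reason).

    Conservative taint rule: every item in the context window is assumed to
    have influenced the proposed call, so one inbound email taints it.
    """
    # Scoped identity: the token, not the model's request, bounds what can run.
    if call.required_scope not in token_scopes:
        return False, "scope_not_granted"
    # Read-only tools may consume untrusted mail (summaries, search).
    if call.tool not in SIDE_EFFECT_TOOLS:
        return True, "read_only"
    tainted = any(item.source is Source.INBOUND_EMAIL for item in context)
    # Zero trust execution: claimed_sender is never consulted here.
    if tainted and not call.verified_out_of_band:
        return False, "untrusted_email_in_context"
    return True, ("verified" if tainted else "untainted")


def demo():
    """Run the policy over constructed sample requests."""
    ask = ContextItem(Source.USER_PROMPT, "Summarise my unread mail")
    mail = ContextItem(Source.INBOUND_EMAIL,
                       "Quarterly figures attached. [constructed hidden instruction]",
                       claimed_sender="CEO")
    ctx = [ask, mail]
    return {
        "summarise": authorize(ToolCall("summarise_inbox", "mail.read"), ctx),
        "send_tainted": authorize(ToolCall("send_email", "mail.send"), ctx),
        "send_confirmed": authorize(ToolCall("send_email", "mail.send", True), ctx),
        "send_clean": authorize(ToolCall("send_email", "mail.send"), [ask]),
        "escalate": authorize(ToolCall("escalate_ticket", "helpdesk.escalate"), [ask]),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

The gate lets the assistant read and summarise untrusted mail but refuses to send, escalate or trigger workflows while that mail is in context unless a separate confirmation step has happened.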


Techday NZ
07-08-2025
Ransomware repeat attacks linked to fragmented security tools
New research has found that 31% of ransomware victims suffered multiple attacks in the last 12 months, highlighting the ongoing challenge presented by security fragmentation and ineffective defences in organisational IT environments.
The Ransomware Insights Report 2025, published by Barracuda, draws on a survey of 2,000 IT and security decision-makers from North America, Europe, and Asia-Pacific, carried out by research firm Vanson Bourne. The findings demonstrate that ransomware remains both a frequent and financially motivated threat, able to exploit the weaknesses and complexity of existing security infrastructure.
Repeat attacks
Of the organisations that have experienced ransomware incidents in the past year, almost a third reported being targeted more than once. Among these repeat victims, 74% indicated that they are currently managing an excessive number of security tools, creating significant challenges in effective oversight. A further 61% reported that their tools do not integrate well, impeding overall visibility and forming blind spots where cybercriminals can operate.
The healthcare and local government sectors have been particularly affected, with 67% and 65% respectively reporting ransomware attacks. Overall, 57% of all respondents said their organisations had fallen victim to at least one ransomware attempt in the last year.
Financial impact
Ransomware attackers continue to generate significant returns, with the survey revealing that 32% of organisations paid a ransom to recover or restore data. The figure rises to 37% among those affected by multiple attacks. However, the data also shows that paying a ransom does not guarantee a full recovery, as 41% of organisations that paid did not recover all their data.
There are various explanations for the low success rates following payment. The report notes, "The decryption tools provided by the attackers may not work, or they've only shared a partial key. Files can be damaged during the encryption and decryption processes, and sometimes the attackers take the ransom and don't provide any decryption tools. A good and regularly updated backup offers proven protection against this risk."
Security vulnerabilities
The report points to significant deficiencies in email security, with less than half (47%) of ransomware victims having implemented an email security solution, compared to 59% of organisations that were not targeted by ransomware. This is of particular concern given that 71% of those who suffered an email breach also went on to experience a ransomware incident.
The methodology underpinning the research involved surveying senior security decision-makers with responsibility for IT and business functions in organisations sized between 50 and 2,000 employees, spanning industries in the US, UK, France, Germany, Austria, Switzerland, Belgium, the Netherlands, Luxembourg, the Nordics, Australia, India, and Japan.
Complex attacks
The report finds that ransomware attacks often involve multiple methods and objectives. Only 24% of reported incidents were limited to encrypting data, while 27% involved both stealing and publishing data, 29% included the installation of other malicious payloads, and 21% saw attackers install backdoors for persistent access.
The impact of successful ransomware incidents has grown. 41% of affected organisations reported reputational harm, while a quarter suffered the loss of new business opportunities. Attackers are also using payment threats directed at business partners, shareholders, customers (22%), and employees (16%) to increase pressure on victim organisations.
Security integration challenges
Neal Bradbury, Chief Product Officer at Barracuda, said the findings raise considerable concern regarding the scalability and integration of security tools currently in use: "The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable. In many cases attackers can move through victims' networks, gaining access to devices, data and more without being detected and blocked. Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can't work together, or which are not configured correctly, create security gaps and lead to breaches. A unified approach to security centered on a strong integrated platform is vital."
The data presented in the report highlight ongoing challenges as ransomware groups refine their methods, with security complexity and insufficiently coordinated toolsets providing opportunities for repeated incidents and significant business risk. The report underscores the importance of consistent and unified security practices for organisations looking to reduce their exposure to ransomware attacks.


Techday NZ
22-07-2025
Cyber threats surge with rise in infostealers & Linux attacks
Barracuda Networks researchers have reported a notable rise in cyber threats over the past month, with substantial increases in infostealer attacks, threats targeting Linux servers, and suspicious login attempts to AWS consoles.
Infostealer attacks
Barracuda's SOC threat analysts identified a 35% increase in detections related to infostealer malware, which is used to steal credentials, hijack sessions, conduct cyber espionage, and facilitate data exfiltration. Interpol recently decommissioned 20,000 IP addresses linked to 69 infostealer variants.
The report outlined the primary methods through which infostealers are delivered. Attack vectors include phishing emails urging users to click on malicious links or download infected attachments, drive-by downloads from websites, software exploits targeting unpatched vulnerabilities, and bundled software, especially pirated applications.
Specific signs pointing to infostealer activity within an organisation include sudden or unusual account activity, a surge in help desk requests linked to lost credentials, system slowdowns, and unexpected pop-ups or ads, which may signal malware presence.
"A robust endpoint security solution such as Barracuda Managed XDR Endpoint Security that can detect and block malware in real time is the best defence against infostealer malware."
"Enforce the use of multifactor authentication (MFA) to make it harder for attackers to breach accounts even if credentials are compromised. Implement security awareness training for employees on the latest phishing tactics and safe browsing. Implement advanced email security to detect and block phishing attempts before they reach users. Keep systems and software updated with the latest security patches. Prevent employees from downloading and installing pirate versions of applications to their work accounts."
Linux servers under threat
The report also indicated a 56% jump in attacks on Linux servers. Among the reasons highlighted are a reported 3,300 new Linux vulnerabilities in 2025 alone, a 130% rise in the number of attacks over the previous year, and two critical vulnerabilities announced in June 2025. The widespread use of Linux systems for servers, cloud infrastructure, and IoT devices has contributed to these systems being frequently targeted.
Threats include malware attacks such as ransomware, rootkits, backdoors, distributed denial of service (DDoS) attacks, exploitation of unpatched software flaws, and the hijacking of server resources for unauthorised cryptocurrency mining. Indicators of compromise might include traffic spikes to unfamiliar IP addresses, abnormal account behaviour, system slowdowns, and configuration changes to critical files.
"Keep systems, including operating systems, and software updated with the latest security patches. Implement firewalls to restrict access to critical services and monitor incoming and outgoing traffic for suspicious activity."
"Enforce strong password and authentication policies, and consider using key-based authentication for SSH (a cryptographic protocol for secure remote login) access to reduce the risk of brute-force attacks. Implement a robust backup and recovery plan to limit the operational impact and quickly restore services following an incident. Deploy an extended detection and response (XDR) solution - ideally covering endpoints, servers and networks - as this features intrusion detection systems (IDS) that monitor activity and alert administrators to potential threats in real time."
AWS login concerns
Analysts observed a 13% increase in suspicious login attempts to the AWS Management Console. While smaller than the increases seen for other attack categories, these attempts present notable risks, including credential theft, brute-force attacks, phishing using social engineering, and potential account takeover. A successful breach could allow attackers to manipulate AWS resources, exfiltrate data, or use compromised accounts for additional attacks.
Warning signs include login attempts from unusual locations or IP addresses, a high number of failed logins, or sudden shifts in resource usage or account configurations.
"Enforce the use of strong passwords and multifactor authentication (MFA) to make it harder for attackers to breach accounts even if credentials are compromised. Implement security awareness training for employees on the latest phishing tactics and safe browsing. Continuously check for and correct misconfigurations in cloud service settings. Implement network segmentation, and restrict employees' access permissions to limit access to sensitive areas of the network. Deploy an XDR cloud security solution that will check regularly for unusual login activity and flag any suspicious events."
The report attributes these increases to a surge in cybercriminal activity targeting technological vulnerabilities and user awareness gaps, and outlines practical recommendations for organisations to reduce the risk of falling victim to such attacks.
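The AWS warning signs described above (a high number of failed logins, logins from unusual IP addresses) and the MFA recommendation map onto CloudTrail `ConsoleLogin` records. The Python below is an added example, not part of the Barracuda report: it runs a detection pass over constructed records, and the threshold, time window, per-user IP baseline and alert names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def make_event(time, user, ip, result, mfa="No"):
    """Build a constructed record in CloudTrail's ConsoleLogin layout."""
    return {"eventTime": time, "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "responseElements": {"ConsoleLogin": result},
            "additionalEventData": {"MFAUsed": mfa}}


def detect(events, known_ips, fail_threshold=5, window=timedelta(minutes=10)):
    """Return (alert, source_ip, user) tuples for suspicious console logins."""
    alerts = []
    failures = defaultdict(list)  # source IP -> recent failed-login timestamps
    bursting = set()              # IPs that already crossed the threshold
    # ISO 8601 UTC timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") != "ConsoleLogin":
            continue
        ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        ip = ev["sourceIPAddress"]
        user = (ev.get("userIdentity") or {}).get("userName", "unknown")
        result = (ev.get("responseElements") or {}).get("ConsoleLogin")
        if result == "Failure":
            # Keep only failures inside the sliding window, then add this one.
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= fail_threshold and ip not in bursting:
                bursting.add(ip)
                alerts.append(("failed_login_burst", ip, user))
        elif result == "Success":
            if ip not in known_ips.get(user, set()):
                alerts.append(("login_from_new_ip", ip, user))
            if (ev.get("additionalEventData") or {}).get("MFAUsed") != "Yes":
                alerts.append(("login_without_mfa", ip, user))
            if ip in bursting:
                # Highest priority: the guessing appears to have worked.
                alerts.append(("success_after_burst", ip, user))
    return alerts


# Constructed sample data; addresses come from documentation ranges.
SAMPLE = (
    [make_event("2025-07-01T09:00:05Z", "alice", "198.51.100.10", "Success", "Yes")]
    + [make_event(f"2025-07-01T09:10:{s:02d}Z", "bob", "203.0.113.50", "Failure")
       for s in (0, 10, 20, 30, 40)]
    + [make_event("2025-07-01T09:11:00Z", "bob", "203.0.113.50", "Success", "No")]
)
KNOWN_IPS = {"alice": {"198.51.100.10"}, "bob": {"198.51.100.20"}}

if __name__ == "__main__":
    for alert in detect(SAMPLE, KNOWN_IPS):
        print(alert)
```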